HIPAA on SQL Azure, on hosted SQL 2008 R2 or only on premises?

  • I've been asked to investigate moving part or all data processing off premises, and acting on a tip from Twitter, I encountered what I think may be a show stopper. While it seems that Office is covered by MS on the HIPAA BAA, if you read the scope section at the very bottom of this document:


    it seems that SQL Azure is exempt from the HIPAA BAA, which I think makes it a non-starter for HIPAA sensitive applications.

    Am I reading this wrong?

    Does this mean that HIPAA sensitive data must be maintained on premises, or is it acceptable to buy hosted database services from Amazon or Rackspace et al. but not on SQL Azure?

    Thanks for your help, as I am in the dark!

  • Windows Azure services have been expanding their compliance initiatives over the years, but I believe your interpretation is correct that WASD is not currently included in the HIPAA BAA.

    Keep an eye on that compliance statement page to ensure that you have the most up-to-date information.


  • Thank you so much for your confirmation, even though I wouldn't call it good news.

    That said, I did get a real good laugh out of seeing you described as a rookie <g>.

    Thanks again


